Friday, November 3, 2017

Black Hat and DEF CON (a little late)

I had written a few thoughts on Black Hat and DEF CON that I never shared here. They are two very different experiences, and the intersection of tech, culture, and commerce left a distinct impression on me. Here are three of those impressions.


I Wish I'd Done More EE


I wish I'd done more Double-E
   Those folks have all the fun.
They solder random shit and then
   They code it 'til it runs.
They get to play with flashy lights,
   They get to plug in wires.
They mess with crazy 'sciloscopes,
   They get to tweak with pliers.
They rip apart all sorts of goods
   To find out how they work,
Then they post their hacks online:
   Part hero and part jerk!
Oh, why did I waste all that time
   With English and not math?
History just can't teach you how
   To build the future path.


I Don't Wanna Go To DEF CON

(with thanks to Elvis Costello)

I don't wanna go to DEF CON
They're all crazy there.
They pick the locks and hack the toys and
Color all their hair.
They brag about the 'splits and O-days.
They drink and get tattoos.
They want to free the information
And smash apart taboos.

Don't even think about turning on your wifi.
If you do you can kiss your phone goodbye.
Social engineers who try to con.
I don't wanna go to DEF CON.

They wear black shirts with skulls and crossbones.
They listen to the goons in red.
You ask a name, can't trust the answer.
Who would name their kid "TehG0dHed"?

Mobs of stinky nerds sitting side by side all
Listening to talks 'bout shit that got fried.
Just like X-Files, you can't trust no one.
I don't wanna go to DEF CON.

Monday, May 22, 2017

One Conference - NLCyber Haiku

I attended the One Conference in The Hague recently, and seeing my European peers talking cybersecurity and Vermeer's art inspired me.


The Girl With the Perl Earring


What does she look at,
The Girl with the Perl Earring?
Your code needs review.

Beneath her turban,
Her mind races through the vulns.
She sees the exploits.

Just out of the frame,
Her lithe fingers are dancing.
She's pwning your site.

Thursday, April 27, 2017

SOURCE Boston - Stop Asking?

I've had a great time attending this year's SOURCE Boston conference. Today's panel discussion on ransomware inspired this sad song.


Stop Asking?


Files arrive with a smile,
   a wink,
   and a nod.
Or they trickle down,
   the drips from a leaky ceiling,
   bad news arriving, staining,
      and costing.

You need to click.
   They demand your attention.
      (So shiny!)
   They promise you others' secrets.
      (While demanding all yours.)
   They warn you of impending doom.
      (Not far from the truth.)

You have to click.
   and the smiles drop,
     the ceiling crashes down,
   and you are left to wade
      through unfriendly faces
      offering you a life jacket
         for a price.

"But what if
   those smiles had been genuine
   and there really was
   a hole that needed patching?"
      (How could you know?)

The next file arrives
   and while holding a mop,
   you ask again.

Tuesday, June 14, 2016

FIRST 2016 - Innovation

Today's keynote at the FIRST conference discussed the importance of innovation in security products and services. Not everyone is a fan of such things.

_______

Innovation, you say?
It's easy to say.
Harder to do when you're spending your day
Fighting the fires and calling out liars
And answering calls from your C-level criers.
We barely have time to kick all the tires
On products we buy
Whenever we try
To solve all our problems
When the budget is high.
(Sometimes we barely can even ask why.)
Often we're choosin'
Tools that are proven
By peers who have shown
That they're really worth usin'
And are ones that risk management ain't refusing.
We'd like something new,
Innovation that's true,
But it's rare that it's something we'd purposely do.
Radical changes we often eschew.
Innovation is something, I guess, that we fear.
It's something, I'd say, you'll never find here.

Monday, June 13, 2016

FIRST 2016 - Tabletop Exercises

Running tabletop exercises to practice an organization's incident response processes, learn more about them, and improve them is an excellent thing to do. Kenneth van Wyk gave a fine presentation on how to run tabletop exercises.

_____

Fledgling stretches wings
Learning how to make them work.
SOC testing new tools.

A confident hawk
Dives to catch its fleeing prey.
The IDS fires.

Unseen in the trees,
Trappers wait with heavy nets.
A tabletop drill.

How will the hawk eat
When its wings and beak are bound?
Prepare for the worst.

Hawk learning to hunt
While tied to the rocky ground.
SOC will be ready.

No matter the wind,
The rain, or the predators.
Business must go on.

FIRST 2016 - The Vulnerability Lifecycle

CERT/CC presented a workshop on coordinating vulnerability disclosure. Understanding the vulnerability life cycle helps when developing a corporate vulnerability management process.

_____

Vulnerabilities live, those wee nasty things.
And all through their lives, oh, the mess that they bring!
First they're discovered through various methods,
Researchers probing and using their big heads
Or accidents happening by users at play
That leave them amazed or completely dismayed.
Once it's discovered, it's time for disclosure,
Which may cause a vendor to lose their composure.
This process requires so much c'ordination
Which reduces the impact and bad situations.
Before things are published, we look for a fix:
Remediation through patches or similar tricks.
Deploy out the changes and work toward removal
Of bugs or the process that earned disapproval.
Not much of a life! Vulns are no fun.
Though they seem to be smiling as they yell and they run.

Sunday, June 12, 2016

FIRST Conference 2016

Many of my InfoSec peers have come to Seoul to attend the 28th Annual FIRST Conference. It should be a fun, busy, and illuminating time! It is my first big conference since leaving my higher ed crew. I hope these folks will party as hard.

______

Welcome to FIRST!
It's time to get funky.
We've all got some problems
On our backs like a monkey.

Criminals trying to get all our goods.
(Some of them organized, some are just hoods.)
How do we share the intelligence gathered?
What are the details we found really mattered?
What are the tools that we all kinda need?
Who can we turn to when we start to bleed?
Red teams and training and policy work,
Pressos that aim to eat through the murk.

Let us get started. Just dive in and go.
Listen and share, help community grow!

Thursday, March 10, 2016

Boston Security Camp - Afternoon Session

From the afternoon session of the BC Security Camp.

REN-ISAC

REN-ISAC watches,
Threat sharing flows through their hands,
Tall trees grow stronger.


APT Experiences

Even an oyster,
Old, rotten, may have a pearl.
Must open a phish.

VirusTotal shrugs
At the malware file we found.
Wolves howl outside.

IOCs popping.
The APT evolving.
Wounded lamb crying.


Creating a Good Business Relationship Between IT and Treasury for PCI compliance

One good data breach.
Storm water breaks through a dam.
Beavers must rebuild.

Follow the money.
Stars pointing to Treasury:
A PCI map.

Sharing the burden,
Huddling against the winds
Of attestation.

Database Security

The harsh thunder booms
When audit arrives, seeking
Your database logs.

A giant mountain,
Oracle databases.
Their logs are lava.

Information flows
Meta information grows.
DBA hair grays.

Boston College Security Camp - Morning Haiku

I have the privilege of attending this year's Security Camp hosted by Boston College. This morning's presentations inspired some haiku.

Security Camp.
Talks around the camp fire.
Ghost stories, epics.


Moving to the Cloud - Resistance is Futile

Somewhere in the Cloud,
Raindrops form from falling ice.
Your data in tears.

Backups in the Cloud
Backing up backed up data.
Clouds, rain, ocean, clouds.

Acquiring clouds
And claiming them to be yours.
A game for sad fools.


Information Stewardship Governance Program

Stewarding data,
Each piece led across the Styx
Or to calm prairies.

Understand your data:
A wolf knows all paths traveled
By each pup and prey.

Acorns stored by squirrels
Remain hidden all winter.
Come spring, they grow large.


Software Identification Tags

What should be patched when
Vulnerabilities drop?
Ask the wind and hope.

Browsing undergrowth,
Doe wishes she knew what's there,
Eating, not searching.

XML flowing,
Tagging the world that it knows.
Each leaf on each branch.

Wednesday, January 6, 2016

CVE Haiku

CVE is a useful bit of infrastructure under the US IT sector's vulnerability management machine. However humble, it is still inspirational.


CVE Haiku


CVE counting.
How many motes of pollen
Drifting o'er a field.

A home for problems:
The tree becomes much greater
When we name the leaves.

No one can tell you
What's vulnerability.
Is each fear unique?